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- The MAILING DATE of this communication appears on the cover sheet with the correspondence address ~ 
Period for Reply 



A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) OR THIRTY (30) DAYS, 
WHICHEVER IS LONGER, FROM THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed 
after SIX (6) MONTHS from the mailing date of this communication. 

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133). 
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1 .704(b). 

Status 

I) ^ Responsive to communication(s) filed on 19 January 2005 . 
2a)Q This action is FINAL. 2b)H This action is non-final. 

3) D Since this application is in condition for allowance except for formal matters, prosecution as to the merits is 

closed in accordance with the practice under Ex parte Quay/e, 1935 CD. 11, 453 O.G. 213. 

Disposition of Claims 

4) E3 Claim(s) 1-35 is/are pending in the application. 

4a) Of the above claim(s) is/are withdrawn from consideration. 

5) D Claim(s) is/are allowed. 

6) K Claim(s) 1-35 is/are rejected. 

7) D Claim(s) is/are objected to. 

8) D Claim(s) are subject to restriction and/or election requirement. 

Application Papers 

9) S The specification is objected to by the Examiner. 

10)13 The drawing(s) filed on 22 January 2004 is/are: a)E3 accepted or b)Q objected to by the Examiner. 
Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1 .85(a). 
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d). 

II) D The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152. 

Priority under 35 U.S.C. § 119 

12)D Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 1 19(a)-(d) or (f). 
a)D All b)Q Some * c)D None of: 

1 .□ Certified copies of the priority documents have been received. 

2. D Certified copies of the priority documents have been received in Application No. . 

3. D Copies of the certified copies of the priority documents have been received in this National Stage 

application from the International Bureau (PCT Rule 17.2(a)). 
* See the attached detailed Office action for a list of the certified copies not received. 
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DETAILED ACTION 



1 . This action is in response to the amendment filed on 01/19/2005. 
Claims 1-35 are pending in the application. 



Specification 



2. The specification of this application is object to. 

- With regard to the amendment in the specification filed on 01/19/05, the amendment fails to 
comply with 37 CFR 1.57, using the root words "incorporate)" and "reference" (e.g., "incorporate by 
reference"). Applicants are respectfully directed to 37 CFR 1 .57 for a compliant amendment. 

- Minor objection to the arrangement of specification: The arrangement of this specification 

should appear as below if it is applicable: 

The following guidelines illustrate the preferred layout for the specification of a utility application. 
These guidelines are suggested for the applicant's use. 

Arrangement of the Specification 



As provided in 37 CFR 1.77(b), the specification of a utility application should include the 
following sections in order. Each of the lettered items should appear in upper case, without underlining or 
bold type, as a section heading. If no text follows the section heading, the phrase "Not Applicable" should 
follow the section heading: 

(a) TITLE OF THE INVENTION. 

(b) CROSS-REFERENCE TO RELATED APPLICATIONS. 

(c) STATEMENT REGARDING FEDERALLY SPONSORED RESEARCH OR DEVELOPMENT. 

(d) THE NAMES OF THE PARTIES TO A JOINT RESEARCH AGREEMENT 

(e) INCORPORATION-BY-REFERENCE OF MATERIAL SUBMITTED ON A COMPACT DISC 

(See 37 CFR 1.52(e)(5) and MPEP 608.05. Computer program listings (37 CFR 1.96(c)), 
"Sequence Listings" (37 CFR 1 .821 (c)), and tables having more than 50 pages of text are 
permitted to be submitted on compact discs.) or 

REFERENCE TO A "MICROFICHE APPENDIX" (See MPEP § 608.05(a). "Microfiche 
Appendices" were accepted by the Office until March 1 , 2001 .) 
(0 BACKGROUND OF THE INVENTION. 

(1) Field of the Invention. 

(2) Description of Related Art including information disclosed under 37 CFR 1.97 and 
1.98. 
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(g) BRIEF SUMMARY OF THE INVENTION. 

(h) BRIEF DESCRIPTION OF THE SEVERAL VIEWS OF THE DRAWING(S). 

(i) DETAILED DESCRIPTION OF THE INVENTION. 

(j) CLAIM OR CLAIMS (commencing on a separate sheet). 

(k) ABSTRACT OF THE DISCLOSURE (commencing on a separate sheet). 

(I) SEQUENCE LISTING (See MPEP § 2424 and 37 CFR 1.821-1.825. A "Sequence Listing" is 
required on paper if the application discloses a nucleotide or amino acid sequence as 
defined in 37 CFR 1 .821 (a) and if the required "Sequence Listing" is not submitted as an 
electronic document on compact disc). 



Claim Rejections - 35 USC § 101 



3. 35 U.S.C. 101 reads as follows: 

Whoever invents or discovers any new and useful process, machine, manufacture, or 
composition of matter, or any new and useful improvement thereof, may obtain a patent therefor, 
subject to the conditions and requirements of this title. 



4. The claims 16-19 are rejected under 35 U.S.C 101 because the claimed invention is directed to 
non-statutory subject matter. 
As per claims 16-19 : 

Claim 16 recites a list of elements, a user interface, an inventory control engine, a distribution engine, a 
client control module, a database. Each element in the claim is referred with the word "coupled", 
however, this word functionalize nothing. The claim as a whole fails to impart any transition or 
functionality toward a practical thing, but recites merely a list of non-functional descriptive materials. The 
claim is a list per se. This type of claim fails to meet 35 U.S.C. 1 01 . 

Claims 17-19 are also recite non-functional descriptive materials. Each claim is a list perse and rejected 
under 35 U.S.C. 101. 



To expedite a complete examination of the instant application the claims rejected under 35 U.S.C. 
101 (nonstatutory) above are further rejected as set forth below in anticipation of application amending 
these claims to place them within the four statutory categories of invention. 
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Claim Rejections - 35 USC § 102 

5. The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that form the basis for 
the rejections under this section made in this Office action: 

A person shall be entitled to a patent unless - 

(a) the invention was known or used by others in this country, or patented or described in a printed 
publication in this or a foreign country, before the invention thereof by the applicant for a patent 

(b) the invention was patented or described in a printed publication in this or a foreign country or 
in public use or on sale in this country, more than one year prior to the date of application for 
patent in the United States. 

6. Claims 1-35 are rejected under 35 U.S.C. 102(a) as being anticipated by Microsoft White Paper, 
"Understanding Patch and Update Management: Microsoft's Software Update Strategy", Microsoft 
Corporation, pages: i-iii, 1-14, October 2003. 

Given the broadest reasonable interpretation of followed claims in light of the specification. 
As per Claim 1 : Microsoft discloses, 

A method for automatically distributing a software update to a network of devices controlled by an 
organization, the method comprising: 

receiving application and system information from one or more inoculation clients installed on said 
devices, said receiving performed via peer-to-peer communication; (See the whole reference, particularly, 
Microsoft provides tools to a client within a small Organizations (p.7), Medium-Sized Organizations (p. 9), 
Large Organizations (p. 11), etc., these organizations are inoculation client application and system 
information peer-to-peer receiver); 

comparing said application and system information with application and version information in a global 
update repository to determine if an update exists for a corresponding application controlled by an 
inoculation client (For example, see, p. 10, Microsoft Baseline Security Analyzer has means for 
comparing an application and system information with the application and version information in an 
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update repository. The analyzer supports for performing the security updates portion of a scan. Also see 
p 11, Microsoft Download website ('update repository 1 ). See p. 13, "Microsoft Update", scheduled for 
release in Spring 2004, will consolidate the patchs and updates into one repository ('update repository"). At 
launch, Microsoft Update will support patches, updates, and service packs for Windows 2000, XP, Server 2000 
& 2003 operating systems as well as Microsoft Office 2003, Microsoft SQL Server 2000, and Microsoft 
Exchange Server 2003); 

queueing said update if an update exists for an application controlled by an inoculation client; receiving a 
communication from said corresponding inoculation client checking for available distribution jobs; 
(For example, the baseline security Analyzer allows users to scan {queue) one or more Windows-based 
computers for common security misconfigurations (p. 7-8) (i.e. has means for checking for available 
distribution jobs - also has means for comparing said application and system information), Security 
Update Inventory Tool provides ongoing scans of client computers for installed or applicable security updates 
(p. 11), Microsoft Baseline Security Analyzer 2.0 provides a true enterprise-ready scanning technology (p. 13). 
See content within Microsoft Baseline Security Analyzer 2.0 (p.13)); and 
transmitting said update to said corresponding inoculation client in response to said receiving a 
communication if an update exists for an application controlled by said corresponding inoculation client 
(For example, see Distribute Software Updates Wizard Installer (p. 11-12) and see Office Update 
Inventory Tool). 

As per Claim 2 ; Microsoft discloses, The method of claim 1, further comprising: configuring an inoculation 
server distributed across one or more of the devices; and performing an initial connection between said 
inoculation server and said global update repository (For example, see P. 6: the AutoUpdate feature can 
be configured to retrieve patches directly from Windows Update at regular intervals. Individuals can 
choose whether to be prompted to install new updates or have them install automatically. See p. 9-10: 
Clients are configured to connect to specific servers and can be configured for automatic software update 
installations or end-user prompting). 
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As per Claim 3 : Microsoft discloses, The method of claim 1, wherein said application and system 
information includes operating system information and version (See content within Microsoft Update (p. 
13)). 

As per Claim 4 : Microsoft discloses, The method of claim 1, wherein said application and system 
information includes installed software applications and versions (See Software Updates Installation 
Agent (p.12)). 

As per Claim 5 : Microsoft discloses, The method of claim 1, wherein said application and system 
information includes network information (For example, see Virus Information Alliance, p. 5). 
As per Claim 6 : Microsoft discloses, The method of claim 1, wherein said application and system 
information is received in Extensible Markup Language (XML) format (See Office Update Inventory Tool (p. 
11)). 

As per Claim 7 : Microsoft discloses, The method of claim 1, wherein said queuing said update includes 
linking said update package and said corresponding application in a database table (For example, see 
Software Update Services Feature Pack, p. 11). 

As per Claim 8 : Microsoft discloses, The method of claim 1, wherein the global update repository is a 
centralized repository that manages operating systems and software to be delivered to inoculation 
servers, (i.e. Microsoft downloads Web site; or see "consolidate the patchs and updates into one repository" 
(p. 13)). 

As per Claim 9 : Microsoft discloses, The method of claim 8, therein said global update repository mines, 
retrieves, and archives external update information (i.e. Microsoft/Microsoft downloads Web site; or see 
"consolidate the patchs and updates into one repository" (p. 1 3)). 

As per Claim 10 : Microsoft discloses, The method of claim 9, wherein said external update information is 
mined and retrieved from external security websites (i.e. Microsoft/Microsoft downloads Web site; or see 
"consolidate the patchs and updates into one repository" (p. 13)). 

As per Claim 1 1 : Microsoft discloses, The method of claim 10, wherein said global update repository uses 

web spiders (i.e. Microsoft/Microsoft downloads Web site; or see "consolidate the patchs and updates into 

i 

one repository" (p. 13)). 
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As per Claim 12 : Microsoft discloses, The method of claim 1, wherein said comparing includes utilizing an 
HTTP GET or POST command. (Functional equivalence: "command line operations for scanning one or 
more Windows-based computers" (p. 8); "MBS A Ul or in the MBS A command line interface, seen in p. 7") 
As per Claim 13 : Microsoft discloses, The method of claim 9, wherein said external update information 
contains a vendor type, said vendor type being automatic download and release, automatic download and 
manually confirm release, or manually download and confirm (See section Software Update Service 2.0, 
P- 13). 

As per Claim 14 : Microsoft discloses, The method of claim 1, wherein said comparing is performed by an 
inventory control engine (e.g. Security Update Inventory Tool, p. 11). 

As per Claim 15 : Microsoft discloses, The method of claim 1, wherein said queuing is performed by a 
distribution engine (e.g. Distribute Software Updates Wizard, p. 12). 

As per Claim 16 : Microsoft discloses, An inoculation server for automatically distributing a software 
update to a network of devices controlled by an organization, the inoculation server distributed among the 
devices and comprising: 

a user interface (e.g. See MBSA Ul or in the MBSA command line interface, seen in p. 7"). 

an inventory control engine coupled to said user interface, to one or more inoculation clients, and to a 

global update repository (e.g. Security Update Inventory Tool, p. 1 1 , coupled MBSA Ul, and Microsoft update 

repository); 

a distribution engine coupled to said user interface and said inventory control engine (e.g. Distribute 
Software Updates Wizard, p. 12, coupled MBSA Ul, and Security Update Inventory Tool); 
a client control module coupled to said distribution engine and to said one or more inoculation clients (e.g. 
Web Reports Add-In for Software Updates/ Microsoft Guide to Security Patch Management (p.12)); and 
a database coupled to said inventory control engine, said distribution engine, and said client control 
module (Microsoft update website or consolidated repository, that is coupled inventory/distribution tools, 
and Security Patch Management as seen in p. 11-13). 

As per Claim 17 : Microsoft discloses, An inoculation server for automatically distributing a software 
update to a network of devices controlled by an organization, the inoculation server distributed among the 
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devices and comprising: an inoculation client application and system information peer-to-peer receiver; 
(See the whole reference, particularly, Microsoft provides a tool to a client within a small Organizations 
(p.7), Medium-Sized Organizations (p. 9), Large Organizations (p. 11), etc., within these organizations are 
inoculation client application and system information peer-to-peer receiver); 
an application and system information global update repository information comparer coupled to said 
inoculation client application and system information peer-to-peer receiver (For example, see, p. 10, 
Microsoft Baseline Security Analyzer that supports for performing the security updates portion of a scan; 
see p 11, Microsoft Download website; and see p. 13, "Microsoft Update", scheduled for release in Spring 
2004, will consolidate the patchs and updates into one repository . At launch, Microsoft Update will support 
patches, updates, and service packs for Windows 2000, XP, Server 2000 & 2003 operating systems as well as 
Microsoft Office 2003, Microsoft SQL Server 2000, and Microsoft Exchange Server 2003); 
an update queuer coupled to said application and system information global update repository information 
comparer (For example, the baseline security Analyzer allows users to scan one or more Windows-based 
computers for common security misconfigurations (p. 7-8), Security Update Inventory Tool provides ongoing 
scans of client computers for installed or applicable security updates (p. 11), Microsoft Baseline Security 
Analyzer 2.0 provides a true enterprise-ready scanning technology (p. 13)); 

an inoculation client available distribution jobs communication receiver; and an update transmitter 
coupled to said update queuer and to said inoculation client available distribution jobs communication 
receiver (For example, see Distribute Software Updates Wizard Installer (p. 11-12) that is associated with 
Office Update Inventory Tool). 

As per Claim 18 : Microsoft discloses, A system for automatically distributing a software update to a 
network of devices controlled by an organization, 

comprising: one or more inoculation servers distributed among the devices; one or more inoculation 
clients distributed among the devices and in peer-to-peer communication with one or more of said one or 
more inoculation servers (Microsoft provides tools to a client within a small Organizations (p.7), Medium- 
Sized Organizations (p. 9), Large Organizations (p. 11), etc., these organizations are inoculation client 
application and system information peer-to-peer receiver); and 
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a global update repository coupled to said one or more inoculation servers (Microsoft provides Microsoft 
software update web site and/or consolidated repository). 

As per Claim 19 : Microsoft discloses claim 19. See rationale in addressed in Claim 16. 

As per Claim 20 : Microsoft discloses claim 20. See rationale in addressed in Claim 1. 

As per Claim 21 : Microsoft discloses, The apparatus of claim 20, further comprising: means for 

configuring an inoculation server distributed across one or more of the devices; and means for performing 

an initial connection between said inoculation server and said global update repository. 

See rationale in addressed in Claim 2. 

As per Claim 22 : Microsoft discloses, The apparatus of claim 20, wherein said application and system 
information includes operating system information and version. See rationale in addressed in Claim 3. 
As per Claim 23 : Microsoft discloses, The apparatus of claim 20, wherein said application and system 
information includes installed software applications and versions. See rationale in addressed in Claim 4. 
As per Claim 24 : Microsoft discloses, The apparatus of claim 20, wherein said application and system 
information includes network information. See rationale in addressed in Claim 5. 
As per Claim 25 : Microsoft discloses, The apparatus of claim 20, wherein said application and system 
information is received in Extensible Markup Language (XML) format. 
See rationale in addressed in Claim 6. 

As per Claim 26 : Microsoft discloses, The apparatus of claim 20, wherein said queuing said update 
includes linking said update package and said corresponding application in a database table. See 
rationale in addressed in Claim 7. 

As per Claim 27 : Microsoft discloses, The apparatus of claim 20, wherein the global update repository is a 
centralized repository that manages operating systems and software to be delivered to inoculation 
servers. See rationale in addressed in Claim 8. 

As per Claim 28 : Microsoft discloses, 77?e apparatus of claim 20, therein said global update repository 
mines, retrieves, and archives external update information. See rationale in addressed in Claim 9. 
As per Claim 29 : Microsoft discloses, 77?e apparatus of claim 28, wherein said external update 
information is mined and retrieved from external security websites. 



Application/Control Number: 10/763,814 Page 10 

Art Unit: 2191 

See rationale in addressed in Claim 10. 

As per Claim 30 : Microsoft discloses, The apparatus of claim 29, wherein said global update repository 
uses web spiders. See rationale in addressed in Claim 1 1 . 

As per Claim 31 : Microsoft discloses, The apparatus of claim 20, wherein said means for comparing 
includes means for utilizing an HTTP GET or POST command. See rationale in addressed in Claim 12. 
As per Claim 32 : Microsoft discloses, The apparatus of claim 28, wherein said external update 
information contains a vendor type, said vendor type being automatic download and release, automatic 
download and manually confirm release, or manually download and confirm. See rationale in addressed 
in Claim 13. 

As per Claim 33 : Microsoft discloses, The apparatus of claim 20, wherein said means for comparing is an 
inventory control engine. See rationale in addressed in Claim 14. 

As per Claim 34 : Microsoft discloses, The apparatus of claim 20, wherein said means for queuing is a 
distribution engine. See rationale in addressed in Claim 15. 

As per Claim 35 : Microsoft discloses claim 35. See rationale in addressed in Claim 1. 

7. Claims 17-18 are rejected under 35 U.S.C. 102(a) as being anticipated by Keromytis et al., "A 
Holistic Approach to Service Survivability", ACM, pages: 1 1-22, October 2003. 
As per Claim 17 : Keromytis discloses, An inoculation server for automatically distributing a software 
update to a network of devices controlled by an organization, the inoculation server distributed among the 
devices and comprising: 

an inoculation client application and system information peer-to-peer receiver; (See, p17: MEET/SUES: 
inoculation client application. See p. 15, left column: peering center: system information peer-to-peer 
receiver); 

an application and system information global update repository information comparer coupled to said 
inoculation client application and system information peer-to-peer receiver (See Figure 1 : Patched service 
distribution and Automatic software patching system); 
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an update queuer coupled to said application and system information global update repository information 
comparer (See p. 12, sec. 2: stealthy scans and probes. See p. 15, sec 3.2.2, "Vims scanners and 
security patches" used for updating and fixing security holes (sec. 3.2.2.1)); 

an inoculation client available distribution jobs communication receiver (See Figure 1 : communications 
that connects to Wide-Area Network from Patched service Distribution); 
and an update transmitter coupled to said update queuer and to said inoculation client available 
distribution jobs communication receiver (For example, see sec 3.2.2, provided with "Virus scanners and 
security patches"). 

As per Claim 18 : Keromytis discloses, A system for automatically distributing a software update to a 
network of devices controlled by an organization, comprising: 

one or more inoculation servers distributed among the devices (See Figure 1 in p. 13: referring to 
Patched Service distribution: further see Figure 2, and p. 19); one or more inoculation clients distributed 
among the devices and in peer-to-peer communication with one or more of said one or more inoculation 
servers (See Figure 1 : referring to Wide-Area Network, and further refereeing to sec. 4.1 for "peer-to- 
peer"); and 

a global update repository coupled to said one or more inoculation servers (See Figure 1 : Automatic 
software patching system, further see Figure 2, Database Server). 



Conclusion 



8. Any inquiry concerning this communication or earlier communications from the examiner should 
be directed to Ted T. Vo whose telephone number is (571) 272-3706. The examiner can normally be 
reached on 8:00AM to 4:30PM. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's supervisor, Wei 
Y. Zhen can be reached on (571) 272-3708. 

The facsimile number for the organization where this application or proceeding is assigned is the 
Central Facsimile number 571-273-8300. 
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Any inquiry of a general nature or relating to the status of this application should be directed to 
the TC 2100 Group receptionist: 571-272-2100. Information regarding the status of an application may 
be obtained from the Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status information for 
unpublished applications is available through Private PAIR only. For more information about the PAIR 
system, see http://pair-direcl.uspto.gov. Should you have questions on access to the Private PAIR 
system, contact the Electronic Business Center (EBC) at 866-217-9197 (toll-free). 




Ted T. Vo 
Primary Examiner 
Art Unit 2191 
July 21, 2006 



